Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29924 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1252 1 Light Weight Calendar 1 Light Weight Calendar 2026-06-16 7.5 HIGH N/A
Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php.
CVE-2006-1250 1 Amax Information Technologies 1 Winmail 2026-06-16 10.0 HIGH N/A
Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors.
CVE-2006-1248 1 Hp 1 Hp-ux 2026-06-16 4.6 MEDIUM N/A
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended.
CVE-2006-1245 1 Microsoft 1 Ie 2026-06-16 7.5 HIGH N/A
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
CVE-2006-1244 4 Debian, Gnome, Libextractor and 1 more 4 Debian Linux, Gpdf, Libextractor and 1 more 2026-06-16 7.6 HIGH N/A
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
CVE-2006-1243 1 Alexander Palmo 1 Simple Php Blog 2026-06-16 7.5 HIGH N/A
Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
CVE-2006-1242 1 Linux 1 Linux Kernel 2026-06-16 5.0 MEDIUM N/A
The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks.
CVE-2006-1241 1 Firebirdsql 1 Firebird 2026-06-16 4.6 MEDIUM N/A
Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities.
CVE-2006-1240 1 Firebirdsql 1 Firebird 2026-06-16 4.6 MEDIUM N/A
Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument.
CVE-2006-1239 1 Countersoft 1 Gemini 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in Gemini 2.0 allows remote attackers to inject arbitrary web script or HTML via the rtcDescription$RadEditor1 field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1238 1 Dsportal 1 Dslogin 2026-06-16 5.1 MEDIUM N/A
SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php.
CVE-2006-1237 1 Dsportal 1 Dsnewsletter 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php.
CVE-2006-1236 1 Crossfire 1 Crossfire 2026-06-16 7.5 HIGH N/A
Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010.
CVE-2006-1235 1 David Ravenscroft 1 Hithost 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir.
CVE-2006-1234 1 Dsportal 1 Dscounter 2026-06-16 5.1 MEDIUM N/A
SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.
CVE-2006-1233 1 Mikael Software 1 Wmnews 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php.
CVE-2006-1232 1 Dsportal 1 Dsdownload 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php.
CVE-2006-1231 1 Julian Pawlowski 1 Capi4hylafax 2026-06-16 1.2 LOW N/A
CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file.
CVE-2006-1229 1 Hosting Controller 1 Hosting Controller 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1227 1 Drupal 1 Drupal 2026-06-16 4.6 MEDIUM N/A
Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages.